# Encrypted Bootloader
add_executable(enc_bootloader
        enc_bootloader.c
        mbedtls_aes.c
        )

# pull in common dependencies
target_link_libraries(enc_bootloader pico_stdlib pico_rand pico_mbedtls)

# use stack guards, as AES variables are written near the stack
target_compile_definitions(enc_bootloader PRIVATE PICO_USE_STACK_GUARDS=1)

target_include_directories(enc_bootloader PRIVATE ${CMAKE_CURRENT_LIST_DIR})

# set as no_flash binary
pico_set_binary_type(enc_bootloader no_flash)

# Add a linker script to run no_flash binary from anywhere
function(add_linker_script target origin length)
    # Write script file to run later, to generate the linker script
    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/make_linker_script.cmake"
        "# create linker script to run from elsewhere in SRAM\n"
        "file(READ \${PICO_LINKER_SCRIPT_PATH}/memmap_no_flash.ld LINKER_SCRIPT)\n"
        "string(REPLACE \"RAM(rwx) : ORIGIN =  0x20000000, LENGTH = 512k\" \"RAM(rwx) : ORIGIN =  \${origin}, LENGTH = \${length}\" LINKER_SCRIPT \"\${LINKER_SCRIPT}\")\n"
        "file(WRITE \${output_file} \"\${LINKER_SCRIPT}\")\n"
    )
    # Add command to run this whenever memmap_no_flash.ld changes
    add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${target}.ld
        COMMAND ${CMAKE_COMMAND}
            -DPICO_LINKER_SCRIPT_PATH:PATH=${PICO_LINKER_SCRIPT_PATH}
            -Dorigin="${origin}" -Dlength="${length}"
            -Doutput_file:FILEPATH=${CMAKE_CURRENT_BINARY_DIR}/${target}.ld
            -P "${CMAKE_CURRENT_BINARY_DIR}/make_linker_script.cmake"
        DEPENDS ${PICO_LINKER_SCRIPT_PATH}/memmap_no_flash.ld)
    add_custom_target(${target}_ld DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${target}.ld)
    add_dependencies(${target} ${target}_ld)
    pico_set_linker_script(${target} ${CMAKE_CURRENT_BINARY_DIR}/${target}.ld)
endfunction()

# create linker script to run from 0x20070000
add_linker_script(enc_bootloader "0x20070000" "64k")

# sign, hash, and clear SRAM
pico_sign_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/private.pem)
pico_hash_binary(enc_bootloader)
pico_load_map_clear_sram(enc_bootloader)

# add partition table
pico_embed_pt_in_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/enc-pt.json)

# create absolute uf2, and package in flash
pico_set_uf2_family(enc_bootloader "absolute")
pico_package_uf2_output(enc_bootloader)

# optionally enable USB output in addition to UART
# pico_enable_stdio_usb(enc_bootloader 1)

# create map/bin/hex/uf2 file etc.
pico_add_extra_outputs(enc_bootloader)

# add url via pico_set_program_url
example_auto_set_url(enc_bootloader)



# Example binary to load
add_executable(hello_serial_enc
        hello_serial.c
        )

# pull in common dependencies
target_link_libraries(hello_serial_enc pico_stdlib)

# set as no_flash binary
pico_set_binary_type(hello_serial_enc no_flash)

# create linker script to ensure it doesn't overwrite the bootloader at 0x20070000
add_linker_script(hello_serial_enc "0x20000000" "448k")

# configure otp output
pico_set_otp_key_output_file(hello_serial_enc ${CMAKE_CURRENT_BINARY_DIR}/otp.json)

# sign, hash, and encrypt
pico_sign_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/private.pem)
pico_hash_binary(hello_serial_enc)
pico_encrypt_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin ${CMAKE_CURRENT_LIST_DIR}/ivsalt.bin)

# package uf2 in flash
pico_package_uf2_output(hello_serial_enc)

# optionally enable USB output in addition to UART
# pico_enable_stdio_usb(hello_serial_enc 1)

# create map/bin/hex/uf2 file etc.
pico_add_extra_outputs(hello_serial_enc)

# add url via pico_set_program_url
example_auto_set_url(hello_serial_enc)
